Mobile devices can provide significant benefits to medical practices. But they also present some very real security risks.
For must of us, mobile security boils down to a few things:
Secure your device from the start
- Make certain to use a strong password.
Or at least use the fingerprint feature or better still, use both for multifactor authentication.
- Turn data encryption on.
- Set up a kill switch if the device is lost.
- Consider downloading an anti-theft app onto your device.
- Set your screen lock to lock after one minute or less.
- Set your phone to erase all data if too many unsuccessful login attempts are made (perhaps 10)
- Change your screen lock display to include your email address or alternate phone.
- Record and save the make, model & serial number as well as the IMEI or MEID or ESN number.
Secure your connections to networks
If you access PHI or office systems from your device:
- Use your office (private, staff only) wifi network
- If that is not available, use your cellular plan
If you must access office systems that have access to PHI from a public wifi, setup a Virtual Private Network to access a work computer and then run the desired system
Keep security in mind
- Don’t leave your device unattended. Remember, you’re protecting your patients and your practice.
- Install only secure Apps and give them access to only the minimum information.
- Don’t open suspicious emails or visit questionable websites.
- Never put the answers to your security challenge questions on social media.
- Don’t store personal health information (PHI) in your contact list.
Restrict access to the device
- Don’t let kids install apps on a device that is used at work.
- You can use iOS’s “guided access” or Andriod’s “guest mode” to let others use the device.
If you lose it and you have sensitive practice or patient information on it, act fast.
Contact your practices IT provider immediately.
They should advise you to:
- Contact the police, cell phone provider, and perhaps even the manufacturer.
- Use the “kill” switch to destroy EVERYTHING on the phone.
Dispose of the device securely
- Backup the device and the data to a hard drive and/or the cloud.
- Verify that all the critical data is backed up and is readable.
- Remove any external memory cards (the micro SD card, not the SIM card)
- Destroy the data on the device
- Perform a factory reset
Remember, when you delete files on these devices, you are only telling the system that they can overwrite the information. It does not actually delete it.
Information security is a hidden cost that we must pay, one way or another. It is just cheaper to pay it upfront.